nixos/hosts/web-arm/sites/api.paraclub.at.nix

{ pkgs, lib, config, ... }:
{
  services.webstack.instances."api.paraclub.at" = {
    enableDefaultLocations = false;
    enableMysql = true;
    authorizedKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcfDiAqwP8FnH0Nl/joMtaRWwiNXbDBYk0wq1gnC5G8"
    ];
    extraConfig = ''
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-Content-Type-Options "nosniff";

      index index.php

      charset utf-8;

      error_page 404 /index.php;
    '';
    locations."/favicon.ico".extraConfig = ''
      log_not_found off;
      access_log off;
    '';
    locations."/robots.txt".extraConfig = ''
      access_log off;
      log_not_found off;
    '';

    locations."/".extraConfig = ''
      try_files $uri $uri/ /index.php$is_args$args;
    '';
    phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
      enabled ++ [ all.imagick ]);
  };

  services.nginx.virtualHosts."api.paraclub.at".acmeRoot = lib.mkForce "/var/lib/acme/acme-challenge";
}